According to company disclosure on July 14, Israeli payments company Nayax refused to pay a ransom demanded by hackers who exfiltrated transaction records and scanned documents from a cloud account associated with a subsidiary. Nayax's board determined that paying would not serve the long-term interests of customers, partners, employees or shareholders.
The company confirmed data theft six days after initially disclosing suspicious activity on July 8. Hackers have threatened to publish the stolen material if Nayax does not pay by July 21. Nayax stated that affected transaction records do not include cardholder names, CVV codes or identification information, and that production payment-processing systems and core infrastructure were not compromised. The company is cooperating with law enforcement in Israel and the United States.